[Spam?] Re: FYI, I gave up on eap-tls for OS X and ios.

John Tobin jtobin at po-box.esu.edu
Thu Mar 30 01:24:37 CEST 2017


Interesting.

I have a self signed cert because [ I believe ] that is the test cert you
get when you install radius.
/etc/raddb/cert has a make, you run the make for test certs.

I have doc that suggests os x and ios will no longer allow self signed
certs, and it was suggested that I should have a self signed cert for free
Radiusd eap-tls.

The os x machines have no mods for a ³homebrewed² openssl?
I am testing against sierra and elcapitan, and I was also told I would
have to get special versions of openssl for os x at those levels because
of problems in opensslŠ
You have to implement homebrew openssl installŠ..

Will be interested in your feedback.
Any comment?


On 3/29/17, 16:14, "Freeradius-Users on behalf of Matthew Newton"
<freeradius-users-bounces+jtobin=po-box.esu.edu at lists.freeradius.org on
behalf of mcn4 at leicester.ac.uk> wrote:

>On Wed, Mar 29, 2017 at 07:38:03PM +0000, John Tobin wrote:
>> I am currently setup with a cisco 1282 access point running wpa2
>> supported by free radius under suse linux [tumble weed].
>> I am supporting students on window 7, [I believe I have a few
>> win-10s] and osx, will be testing ios later this week.
>> The server is the CA, and for testing purposes I had setup a
>> self signed cert, and was testing the client cert.
>
>FWIW, we've got FR 3.0.11 on Debian 8 servers with OpenSSL 1.0.1.
>There are Macs and Windows 7 authenticating against it, Windows
>with PEAP/EAP-TLS and Macs with plain EAP-TLS. Cisco WLCs/APs,
>WPA2/AES.
>
>Certs are all from a local Microsoft CA. No "self-signed" certs
>apart from the CA root of course. Both server certs and client certs
>generated from the CA. Can't think why you'd use a self-signed
>cert for the server cert, unless that wasn't what you meant.
>
>Can't think what might not be working in your setup. But it does
>work.
>
>Matthew
>
>
>-- 
>Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>
>
>Systems Specialist, Infrastructure Services,
>I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
>For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list